/*
 * Function: auth_gssapi_create_default
 *
 * Purpose: Create a GSS-API style authenticator for clnt using the
 * default options, and return the handle.
 *
 * Arguments:
 *   clnt         - the RPC client the authenticator is bound to.
 *   service_name - NUL-terminated name imported as gss_nt_service_name;
 *                  must not be NULL (it is passed to strlen()).
 *
 * Returns: the AUTH handle produced by auth_gssapi_create(), returned
 * unchanged; the major/minor status codes it reports are not propagated
 * to the caller.  If the name cannot be imported, the failure is logged
 * through AUTH_GSSAPI_DISPLAY_STATUS, rpc_createerr is set to
 * RPC_SYSTEMERROR / ENOMEM and NULL is returned.
 *
 * Effects: See design document, section XXX.  The imported GSS name is
 * owned by this function and is released before returning; the context
 * is requested with mutual authentication and replay detection
 * (GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG), using the default credential
 * and mechanism.
 */
AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name)
{
    OM_uint32 major, minor;
    gss_name_t target = GSS_C_NO_NAME;
    gss_buffer_desc name_buf;
    AUTH *result;

    /*
     * NOTE(review): the buffer length counts the terminating NUL as well
     * as the name bytes.  Kept as-is; the mechanism's import routine may
     * rely on it -- confirm before changing to strlen() alone.
     */
    name_buf.length = strlen(service_name) + 1;
    name_buf.value = service_name;

    major = gss_import_name(&minor, &name_buf, gss_nt_service_name, &target);
    if (major != GSS_S_COMPLETE) {
        /* Nothing was allocated for target on this path, so no release. */
        AUTH_GSSAPI_DISPLAY_STATUS(("parsing name", major, minor));
        rpc_createerr.cf_stat = RPC_SYSTEMERROR;
        rpc_createerr.cf_error.re_errno = ENOMEM;
        return NULL;
    }

    result = auth_gssapi_create(clnt, &major, &minor,
                                GSS_C_NO_CREDENTIAL, target, GSS_C_NULL_OID,
                                GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
                                0, NULL, NULL, NULL);

    /* The name is no longer needed once the authenticator is built. */
    gss_release_name(&minor, &target);
    return result;
}
/*
 * Create the RPC auth handle for handle->clnt, doing auth flavor fallback
 * if needed.
 *
 * Arguments:
 *   handle           - server handle whose clnt->cl_auth is set.
 *   params_in        - optional config; only its mask bits are consulted
 *                      (may be NULL, which selects the defaults).
 *   gss_client_creds - credential used for both auth flavors.
 *   gss_target       - GSS name of the server.
 *
 * Behavior, in order:
 *   - KADM5_CONFIG_NO_AUTH: leave cl_auth untouched (unauthenticated,
 *     intended for testing only).
 *   - Unless KADM5_CONFIG_OLD_AUTH_GSSAPI is set, try RPCSEC_GSS with
 *     privacy service, mutual authentication and replay detection; a
 *     non-NULL result ends the function.
 *   - KADM5_CONFIG_AUTH_NOFALLBACK: stop here rather than downgrade.
 *   - Otherwise fall back to the legacy AUTH_GSSAPI flavor.  Note this
 *     downgrade happens silently when RPCSEC_GSS setup fails; callers
 *     that want to refuse it set KADM5_CONFIG_AUTH_NOFALLBACK.
 *
 * Returns nothing; the outcome is visible only through
 * handle->clnt->cl_auth, which is left NULL if every attempt failed.
 * The status codes from auth_gssapi_create() are discarded here.
 */
static void
rpc_auth(kadm5_server_handle_t handle, kadm5_config_params *params_in,
         gss_cred_id_t gss_client_creds, gss_name_t gss_target)
{
    OM_uint32 major, minor;
    /* A NULL params_in behaves exactly like an empty mask. */
    long mask = (params_in != NULL) ? params_in->mask : 0;

    /* Allow unauthenticated option for testing. */
    if (mask & KADM5_CONFIG_NO_AUTH)
        return;

    /* Use RPCSEC_GSS by default. */
    if (!(mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
        struct rpc_gss_sec sec = {
            .mech = (gss_OID)gss_mech_krb5,
            .qop = GSS_C_QOP_DEFAULT,
            .svc = RPCSEC_GSS_SVC_PRIVACY,
            .cred = gss_client_creds,
            .req_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG
        };

        handle->clnt->cl_auth = authgss_create(handle->clnt, gss_target, &sec);
        if (handle->clnt->cl_auth != NULL)
            return;
    }

    /* RPCSEC_GSS was skipped or failed; honor an explicit no-downgrade. */
    if (mask & KADM5_CONFIG_AUTH_NOFALLBACK)
        return;

    /* Fall back to old AUTH_GSSAPI. */
    handle->clnt->cl_auth = auth_gssapi_create(handle->clnt, &major, &minor,
                                               gss_client_creds, gss_target,
                                               (gss_OID) gss_mech_krb5,
                                               GSS_C_MUTUAL_FLAG |
                                               GSS_C_REPLAY_FLAG,
                                               0, NULL, NULL, NULL);
}